Solaris 10, ssh and users without password

Similar Messages

• Access to User without Password

  A temporary employee (now gone forever) set up some workfiles on a non networked Mac in their own User - as the administrator can we access the User without the password (which we have buckley's of getting).

  Use the "Accounts" System Preference" from the administrator account. Click the lock at the lower-left to unlock it, select the user's account, and change the password. You can also use Get-Info to change ownership or permissions on the user's files and folders if you click the lock icon in the Get-Info window (click the "Details" triangle at the bottom of the window).

• Logon with multiple users goes directly into user without password prompt?

  I upgraded to Lion after Hard drive crashed and was replaced by apple even though I had Lion OSX they insisted that I upgraded which I eventually had to do.
  The problem is as follows:
  When PC is intially turned on the User selection screen does not appaer and the system goes straight into the first account created without password validation. All accounts setup have PW added to prevent my kids from accessing th PC. However if I loggoff the user screen appears and PW must be used. This does this on ever restart or turn on. Tried resetting & re adding the accounts but same issue occurs.
  Any help on this issue will be appreciated.
  Thanks

  System Preferences -> Security -> General -> Disable automatic login

• [solved] NetworkManager as user without password.

  I just installed Arch Linux on my wife's netbook with KDE. Everything went fine.
  Problem is that when the desktop is up kwallet appears and wants a password for NetworkManager services, in this case the wireless. I added the user to the network group and setup a file for that case which I found on the Arch NetworkManager wiki in polkit-1. On the other hand I read that this is pretty useless with systemd.
  I haven't found a workaround yet and searching the forum or search engine didn't come up with a solution either.
  Last edited by tolstoi (2013-03-20 17:03:50)

  If do not want the kwallet security, you can disable it from Network Management Settings -> other ->  connection secrets -< in file. However, I donot know the security impacts of doing this.

• How to create an IDM User without Password ?

  Hi ,
  I want to create an User in IDM without Password. If I remove the FieldRef for the Password field, it is throwing Password Voilation error.
  Is ther any way to create a User in IDM without password?
  If so please let me know.
  Thanks
  Message was edited by:
  Raja.Samy

  If you are using any other resource as Pass-through Authentication, then the password fields can be blank. In fact, if you enable pass-though authentication, the tabbed user form does not show the password fields.

• How can I erase all content and settings without password

  I just bought this iPad from my friend, when I try to erase all content and settings, it asked me about the password of his Apple ID password. But he already forgot it! So how can I erase everything back to the factory setting, like a brand new iPad, has nothing in it. Please help and thank you very much.

  That is activation lock and cannot be bypassed. He will have to remember his password, or reset it so you can continue with the restore.  There's no way around this as it is an anti theft feature to prevent thieves from being able to use the device. It would be pointless if you could bypass it.

• Can I delete all files and users (including admin account) without re-installing SL?

  I have a 1st generation Macbook Air, running Snow Leopard 10.6.8.  Just bought myself a new MBA, want to sell the old one (privately, not soliciting here).
  The original install disks were Leopard.  I bought a family pack SL and upgraded the MBA at that point.  Earlier this year I sold my old Mac Mini (when I upgraded) and included the SL install disks with that sale (stupid of me).
  Now I want to sell the old MBA.  Ideally, I'd have a clean install on SL on it, minus all previous files and accounts.  I've done that before when selling old computers, reformatted / erased the HD, then reinstalled the OS.  But I don't have the SL disk anymore, and I don't really want to pay for it just to prep this notebook for sale.
  AFAICT, my options are:
  wipe the HD and reinstall Leopard (the only OSX disks I have).  Whoever buys it from me would need to upgrade to SL themselves, and from there to Lion if they want.
  somehow try to delete all files and users without touching the current install of SL.  I'm not terribly worried about security of what little information is on the MBA (nothing important to me), so I don't mind trashing files and then emptying trash instead of wiping the HD block by block. 
  Any ideas for how to do #2?  I can trash all files/folders under /user, uninstall all applications and delete their folders from Library, uninstall all browsers except Safari and wipe the history from that...
  Is there other stuff I should be deleting?  plist files, maybe?  I'm leery of messing around too much and disrupting the install of the underlying OS.
  Can I also delete the admin account (or rename it "admin" with a generic default password?)?
  Any other suggestions?  Thanks.

  Trashing files you have created is relatively easy. Getting rid of an account is a bit harder. Trashing the .plist files, etc., that may contain personal info is a lot harder, and there is always the risk that you will miss something.
  Best, and easiest, and customary, is to do option #1 - wipe the drive and re-install the original OS from the original disk set. The receiver of the machine can then decide which OS they want to upgrade it to, and purchse accordingly.
  The original disk set for that machine should be included with it when it is sold.

• What is the MeetingPlace dafault user profile passwords?

  Does anyone know what the default user profile and user ID passwords are for MeetingPlace Enterprise 5.3?
  Thanks,
  Jason

  That is the default for the Audio server's CLI. I'm looking for the default that is given to a user profile when imported into the system via MeetingTime. I imported 7000 user accounts but did not define a password for the user ID or the profile number. I need to know what both of those defaults are for the user accounts.
  Thanks,
  Jason

• I recently purchased a new computer and activated firefox sync and Bookmarks came across OK but without passwords. Went back to reload in event of error and user name and password that was accepted earlier now rejected.

  As above sync worked but without passwords, all efforts to enter site to remedy were rejected and password reset refused. To my amazement when I came to file this question name and password was accepted.

  this helped soo much thank you!

• Irregular failure to authenticate OpenDirectory users via password-based ssh

  TL;DR - my Yosemite Open Directory server irregularly fails to properly authenticate users (via password-based ssh). 
  I recently moved an Open Directory server from an Xserve running 10.6 to a new Mini running 10.10.  I archived the OD config on the Xserve and then took it offline.  Then I brought the Mini online using the same hostname/IP address, created a new OD master using the archived configuration.  Everything seemed to work well, however sometimes the server will not authenticate users via password when logging in with ssh/sftp/scp.  This is also true of a few OS X machines that bind to the OD server (i.e. they usually authenticate users properly, but sometimes fail for no discernable reason). 
  The failures are only for password authentication using ssh.  Other mechanisms do not exhibit the auth failures.  For instance, AFP and SMB user auth never fails (with proper credentials).  Nor do users to a FileMaker Server machine that authenticate via the OD server have problems.  Public key based ssh authentication never fails.  Local accounts (non-OD, aka "Local Network Accounts") also do not fail using password-based authentication.
  The failures are irregular.  The only pattern that I can find at all is that sometimes when the failures start happening, they keep happening continuously until...at some point they work properly again.  That is, they may fail from 11:15 am to 2:01 pm, and if so, then all of them fail in that time range.  Sometimes that time range lasts seconds, sometimes it lasts hours.
  The time range failure pattern is host specific.  For instance, if password authentication is failing on the main OD server, authentication may be fine on the other bound machines.  If authentication is failing on one of the bound machines, then it may be fine on all others and fine on the OD server itself.
  The failure pattern does not seem to correlate to any other events or activity on the server (even remotely).  CPU utilization never gets above about 15%.  Memory utilization is similarly very low.  Network traffic is occasionally high, but it does not seem in any way related to the auth failures.  There are not other log messages that occur before or after the failures with any consistency.
  I've been monitoring the auth failures by attempting to login to the OD server and two other bound hosts once per minute so that I can tell when the auth is failing (before getting calls from the users). 
  The adaptive firewall is not running on the OD server.  Nor is any other firewall.
  Below are a comparison of the system.log entries for a failed and successful auth (I've stripped out those lines that are identical in both instances).  The log entries have been sanatized as described.
  Rebooting the OD server does not affect the bound clients' authentication.  Rebooting the OD server is problematic, and I cannot do it often.  When I do, sometimes failures start soon after reboot, and sometimes that don't come back for many hours - again, no discernable pattern.
  If anyone has any ideas what I can do to discover the source of this problem and come up with a solution, I'd very much appreciate it.  Note that I'm aware that I can export all users and group and reconstruct a new, clean OD master, but without the ability to save the passwords, this becomes a large logisitcal problem, and I'm saving it as a last resort (particularly since if it doesn't solve my problem, I will have inconvenienced many users and be right back in the same place).
  Thanks for reading.
  First failure:
      Feb 11 00:00:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:65373 for host/[email protected] [canonicalize, forwardable]
      Feb 11 00:00:20 odserver.myorg.gov opendirectoryd[67268]: GSSAPI Error:  Miscellaneous failure (see text (unable to reach any KDC in realm ODSERVER.MYORG.GOV, tried 2 KDCs (negative cache))
      Feb 11 00:00:20 odserver.myorg.gov sshd[72974]: error: PAM: authentication error for myusername from clienthost.myorg.gov via 10.50.50.50
      Feb 11 00:00:20 odserver.myorg.gov sshd[72974]: Connection closed by 10.50.50.99 [preauth]
  Now successful auth:
      Feb 11 01:03:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:63978 for host/[email protected] [canonicalize, forwardable]
      Feb 11 01:03:20 odserver.myorg.gov kdc[67]: TGS-REQ [email protected] from 127.0.0.1:62346 for ldap/[email protected] [canonicalize, forwardable]
      Feb 11 01:03:20 odserver.myorg.gov sshd[73786]: Accepted keyboard-interactive/pam for myusername from 10.50.50.99 port 53361 ssh2
      Feb 11 01:03:20 odserver.myorg.gov NetAuthSysAgent[73789]: GetStatus: connecting to self not allowed
     Feb 11 01:03:20 odserver.myorg.gov NetAuthSysAgent[73789]: ERROR: AFP_GetServerInfo - connect failed 62
  I've sanitized the entries as follows, replacing...
  My username by myusername
  The ssh source host IP address by 10.50.50.99
  The ssh source hostname by clienthost.myorg.gov
  The server hostname by odserver.myorg.gov
  The server hostname (in caps) by ODSERVER.MYORG.GOV
  The server IP address by 10.50.50.50

  Hello James,
  I have not had a chance to look for the Router configuration document, however, for one of my certificate exams I did configure Authentication Proxy on an IOS router. The config for that lab was:
  aaa new-model
  aaa authentication login default group tacacs+ local
  aaa authorization auth-proxy default group tacacs+ local
  aaa session-id common
  ip auth-proxy name AUTHPROXY http inactivity-time 60
  interface FastEthernet0/0
  ip address 192.168.250.19 255.255.255.0
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface FastEthernet0/1
  ip address 192.168.200.120 255.255.255.0
  ip access-group 110 in
  ip nat inside
  ip virtual-reassembly
  ip auth-proxy AUTHPROXY
  duplex auto
  speed auto
  ip route 0.0.0.0 0.0.0.0 192.168.250.1
  ip http server
  ip http authentication aaa
  no ip http secure-server
  ip nat inside source list nat interface FastEthernet0/0 overload
  ip access-list extended nat
  permit ip 192.168.200.0 0.0.0.255 any
  access-list 110 permit ip any any
  tacacs-server host 192.168.250.20
  tacacs-server key cisco123
  end
  Please check if the commands are supported on your router as well.
  If this ws helpful please rate.
  Regards.

• Runcluvfy nodecon fails eventhough ssh and scp doesnt ask for password

  Hi all,
  this is my first attempt to oracle RAC . I configured the ssh gen as shown in documentation without using passphrase
  I tested ssh and scp and it do not ask me password .
  xt33db006[oracle:grid10p]/opt/home/oracle$ ssh xt33db007 date
  Thu Apr 24 12:15:13 PDT 2008
  xt33db007[oracle:grid10p]/opt/home/oracle$ ssh xt33db006 date
  Thu Apr 24 12:15:43 PDT 2008
  but when I try to do
  runcluvfy.sh comp nodecon -n xt33db006,xt33db007 -verbose
  Verifying node connectivity
  ERROR:
  User equivalence unavailable on all the nodes.
  Verification cannot proceed.
  do I need to put these 2 hostname in hosts.equiv file ? not sure what I am missing here
  I will appreciate any pointer .
  thanks
  -Prasad

  xt33db006[oracle:grid10p]/opt/home/oracle$ runcluvfy.sh stage -pre crsinst -n xt33db006,xt33db007 -verbose
  Performing pre-checks for cluster services setup
  Checking node reachability...
  Check: Node reachability from node "xt33db006"
  Destination Node Reachable?
  xt33db006 yes
  xt33db007 yes
  Result: Node reachability check passed from node "xt33db006".
  Checking user equivalence...
  Check: User equivalence for user "oracle"
  Node Name Comment
  xt33db007 failed
  xt33db006 failed
  Result: User equivalence check failed for user "oracle".
  ERROR:
  User equivalence unavailable on all the nodes.
  Verification cannot proceed.
  Pre-check for cluster services setup was unsuccessful on all the nodes.

• Ssh and solaris 10

  Hi,
  since we upgraded to solaris 10, ssh behavior changed. After validating the login, it takes something like 10 seconds for ssh to ask for the password. Has anyone observe such behavior ?

  Hi,
  yep nslookup failed with my IP adress, it returns "no server could be reached". my /etc/nsswitch.conf only list files (no dns), and /etc/resolv.conf is :
  nameserver 127.0.0.1
  I've stoped and restarted /etc/init.d/nscd after modification.
  Finger find the correct name of the remote computer though.

• The user which does not exist can login BI Answers without password

  Hi I got an Issue in the BI Answers login.
  Any non-exist username can login to the BI answers without password.
  And the exist-user need the correct password.
  Does anybody have the same issue before?
  And also, any non-exist username can login to BI Answers if the password is provided as the same as username, even the user account doesn't exist.
  After the non-exist user login, the system would automatilly create this user account.
  Edited by: Jinfeng Ling on Dec 19, 2008 7:04 AM

  Hi Madan
  The Security Section in my NQSConfig.INI file is following:
  # Security Section
  # Legal value for DEFAULT_PRIVILEGES are:
  # NONE READ
  [ SECURITY ]
  DEFAULT_PRIVILEGES = READ;
  PROJECT_INACCESSIBLE_COLUMN_AS_NULL     =     NO;
  MINIMUM_PASSWORD_LENGTH     =     0;
  #SSL=NO;
  #SSL_CERTIFICATE_FILE="servercert.pem";
  #SSL_PRIVATE_KEY_FILE="serverkey.pem";
  #SSL_PK_PASSPHRASE_FILE="serverpwd.txt";
  #SSL_PK_PASSPHRASE_PROGRAM="sitepwd.exe";
  #SSL_VERIFY_PEER=NO;
  #SSL_CA_CERTIFICATE_DIR="CACertDIR";
  #SSL_CA_CERTIFICATE_FILE="CACertFile";
  #SSL_TRUSTED_PEER_DNS="";
  #SSL_CERT_VERIFICATION_DEPTH=9;
  #SSL_CIPHER_LIST="";
  # There are 3 types of authentication. The default is NQS
  # You can select only one of them
  #----- 1 -----
  #AUTHENTICATION_TYPE = NQS; // optional and default
  #----- 2 -----
  #AUTHENTICATION_TYPE = DATABASE;
  # [ DATABASE ]
  # DATABASE = "some_data_base";
  #----- 3 -----
  #AUTHENTICATION_TYPE = BYPASS_NQS;
  Can you see any problem?
  Thanks!
  Jinfeng

• Fresh install of 11.1 and "sqlplus user@instance/password" does not work

  new server, windows server 2008, fresh install of 11.1.0.7 with local instance.
  can connect to the instance using "sqlplus user/password" since ORACLE_SID is set,
  can connect to a 9.2 remote instance using "sqlplus user@remoteinstance/password".
  can't connect using "sqlplus user@localinstance/password".
  <command>
  l:path>set oracle_sid=localinstance
  l:path>sqlplus username/password
  SQL*Plus: Release 11.1.0.7.0 - Production on Mon Nov 8 13:11:02 2010
  Copyright (c) 1982, 2008, Oracle. All rights reserved.
  Connected to:
  Oracle Database 11g Release 11.1.0.7.0 - Production
  SQL> exit
  Disconnected from Oracle Database 11g Release 11.1.0.7.0 - Production
  l:\path>sqlplus username@localinstance/password
  SQL*Plus: Release 11.1.0.7.0 - Production on Mon Nov 8 13:11:21 2010
  Copyright (c) 1982, 2008, Oracle. All rights reserved.
  ERROR:
  ORA-12514: TNS:listener does not currently know of service requested in connect
  descriptor
  l:\path>
  l:\path>sqlplus username@remoteinstance/password
  SQL*Plus: Release 11.1.0.7.0 - Production on Mon Nov 8 13:11:45 2010
  Copyright (c) 1982, 2008, Oracle. All rights reserved.
  Connected to:
  Oracle9i Enterprise Edition Release 9.2.0.8.0 - Production
  With the Partitioning, OLAP and Oracle Data Mining options
  JServer Release 9.2.0.8.0 - Production
  SQL> exit
  Disconnected from Oracle9i Enterprise Edition Release 9.2.0.8.0 - Production
  With the Partitioning, OLAP and Oracle Data Mining options
  JServer Release 9.2.0.8.0 - Production
  l:\path>
  </command>
  what am i doing wrong?
  many thanks in advance,
  stephen.

  =================================
  A couple of important points.
  First, the listener is a server side only process. It's entire purpose in life is to receive requests for connections to databases and set up those connections. Once the connection is established, the listener is out of the picture. It creates the connection. It doesn't sustain the connection. One listener, with the default name of LISTENER, running from one oracle home, listening on a single port, will serve multiple database instances of multiple versions running from multiple homes. It is an unnecessary complexity to try to have multiple listeners or to name the listener as if it belongs to a particular database. That would be like the telephone company building a separate switchboard for each customer.
  Additional notes on the listener: One listener is capable of listening on multiple ports. But please notice that it is the listener using these ports, not the database instance. You can't bind a specific listener port to a specific db instance. Similarly, one listener is capable of listnening on multiple IP addresses (in the case of a server with multiple NICs) But just like the port, you can't bind a specific ip address to a specific db instance.
  Second, the tnsnames.ora file is a client side issue. It's purpose is for address resolution - the tns equivalent of the 'hosts' file further down the network stack. The only reason it exists on a host machine is because that machine can also run client processes.
  Assume you have the following in your tnsnames.ora:
  larry =
    (DESCRIPTION =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))
      (CONNECT_DATA =
        (SERVICE_NAME = curley)
    )Now, when you issue a connect, say like this:
  $> sqlplus scott/tiger@larrytns will look in your tnsnames.ora for an entry called 'larry'. Next, tns sends a request to (PORT = 1521) on (HOST = myhost) using (PROTOCOL = TCP), asking for a connection to (SERVICE_NAME = curley).
  Where is (HOST = myhost) on the network? When the request gets passed from tns to the next layer in the network stack, the name 'myhost' will get resolved to an IP address, either via a local 'hosts' file, via DNS, or possibly other less used mechanisms. You can also hard-code the ip address (HOST = 123.456.789.101) in the tnsnames.ora.
  Next, the request arrives at port 1521 on myhost. Hopefully, there is a listener on myhost configured to listen on port 1521, and that listener knows about SERVICE_NAME = curley. If so, you'll be connected.
  What can go wrong?
  First, there may not be an entry for 'larry' in your tnsnames. In that case you get "ORA-12154: TNS:could not resolve the connect identifier specified" No need to go looking for a problem on the host, with the listener, etc. If you can't place a telephone call because you don't know the number (can't find your telephone directory (tnsnames.ora) or can't find the party you are looking for listed in it (no entry for larry)) you don't look for problems at the telephone switchboard.
  Maybe the entry for larry was found, but myhost couldn't be resolved to an IP address (say there was no entry for myhost in the local hosts file). This will result in "ORA-12545: Connect failed because target host or object does not exist"
  Maybe there was an entry for myserver in the local hosts file, but it specified a bad IP address. This will result in "ORA-12545: Connect failed because target host or object does not exist"
  Maybe the IP was good, but there is no listener running: "ORA-12541: TNS:no listener"
  Maybe the IP was good, there is a listener at myhost, but it is listening on a different port. "ORA-12560: TNS:protocol adapter error"
  Maybe the IP was good, there is a listener at myhost, it is listening on the specified port, but doesn't know about SERVICE_NAME = curley. "ORA-12514: TNS:listener does not currently know of service requested in connect descriptor"
  Third: If the client is on the same machine as the db instance, it is possible to connect without referencing tnsnames and without going through the listener.
  Now, when you issue a connect, say like this:
  $> sqlplus scott/tigertns will attempt to establish an IPC connection to the db instance. How does it know the name of the instance? It uses the current value of the enviornment variable ORACLE_SID. So...
  $> export ORACLE_SID=fred
  $> sqlplus scott/tigerIt will attempt to connect to the instance known as "fred". If there is no such instance, it will, of course, fail. Also, if there is no value set for ORACLE_SID, the connect will fail.
  check executing instances to get the SID
  [oracle@vmlnx01 ~]$ ps -ef|grep pmon|grep -v grep
  oracle    4236     1  0 10:30 ?        00:00:00 ora_pmon_vlnxora1set ORACLE_SID appropriately, and connect
  [oracle@vmlnx01 ~]$ export ORACLE_SID='vlnxora1
  [oracle@vmlnx01 ~]$ sqlplus scott/tiger
  SQL*Plus: Release 10.2.0.4.0 - Production on Wed Sep 22 10:42:37 2010
  Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing optionsNow set ORACLE_SID to a bogus value, and try to connect
  SQL> exit
  [oracle@vmlnx01 ~]$ export ORACLE_SID=FUBAR
  [oracle@vmlnx01 ~]$ sqlplus scott/tiger
  SQL*Plus: Release 10.2.0.4.0 - Production on Wed Sep 22 10:42:57 2010
  Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
  ERROR:
  ORA-01034: ORACLE not available
  ORA-27101: shared memory realm does not exist
  Linux Error: 2: No such file or directory
  Enter user-name: Now set ORACLE_SID to null, and try to connect
  [oracle@vmlnx01 ~]$ export ORACLE_SID=
  [oracle@vmlnx01 ~]$ sqlplus /scott/tiger
  SQL*Plus: Release 10.2.0.4.0 - Production on Wed Sep 22 10:43:24 2010
  Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
  ERROR:
  ORA-12162: TNS:net service name is incorrectly specifiedOk, that is how we get from the client connection request to the listener. What about the listener's part of all this?
  The listener is very simple. It's job is to listen for connection requests and make the connection (server process) between the client and the database instance. Once that connection is made, the listener is out of the picture. If you were to kill the listener, all existing connections would continue. The listener is configured with the listener.ora file, but if that file doesn't exist, the listener is quite capable of starting up with all default values. One common mistake with the listner configuration is to specify "HOST=localhost" or "HOST=127.0.01". This is a NONROUTABLE ip address. LOCALHOST and ip address 127.0.0.1 always mean "this machine on which I am sitting". So, all computers are known as "localhost" or "127.0.0.1". If you specify this address, the listener will only be capable of receiving requests from the machine on which it is running. If you specified that address in your tnsnames file - on a remote client machine - the request would be routed to the machine on which the requesting client resides. Probably not what you want.
  =====================================

• I have an ipad and forgot the password. I tried to many times and it disabled on me. How do I get back into my ipad without using iTunes and without losing all my saved items.

  I have an ipad 2 WiFi. I was in the hospital having surgery and forgot my password. I tried several times but couldn't get it. I ended up disabling my ipad. There are important pics n notes in there that I need. How can I get back into it without using iTunes (because I bought it second hand, off ebay) and without losing all my saved items. Please help me!

  If it's disabled then it's too late to copy any content off it or to take a new backup, you will have to reset it back to factory defaults by connecting it to a computer's iTunes : Forgot passcode for your iPhone, iPad, or iPod touch, or your device is disabled - Apple Support
  Have you been backing up to the cloud ? If you have then after resetting it back to factory defaults you can restore to that backup : Back up and restore your iPhone, iPad, or iPod touch using iCloud or iTunes - Apple Support
  If you bought it second hand then had the previous user removed their account from Settings > iCloud (and had Find My iPad enabled) on it ? If not and the iPad is on iOS 7+ then you will have to contact the previous owner to reactivate the iPad after resetting it : Find My iPhone Activation Lock: Removing a device from a previous owner’s account - Apple Support